CN105989275B - Method and system for authentication


Publication number
CN105989275B
Authority
CN
China
Prior art keywords
equipment
data
account
access
threshold value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610156518.3A
Other languages
Chinese (zh)
Other versions
CN105989275A (en)
Inventor
R·L·奇尔德拉斯
I·古尔德伯格
C·A·匹克奥沃
N·桑迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qindarui Co.
Original Assignee
International Business Machines Corp
Application filed by International Business Machines Corp
Publication of CN105989275A
Application granted
Publication of CN105989275B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1021 Server selection for load balancing based on client or server locations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and system for authentication are provided. More specifically, a method for authentication is provided. The method includes identifying, by one or more computer processors, an account attempting to access striped data. The method includes identifying, by one or more computer processors, one or more computing devices associated with the account. The method includes determining, by one or more computer processors, a distance from a first computing device of the identified one or more computing devices to a second computing device of the identified one or more computing devices. The method includes determining, by one or more computer processors, whether the distance from the first computing device to the second computing device is within a threshold proximity. The method also grants or denies access to the striped data based on whether the threshold proximity is met or exceeded.

Description

Method and system for authentication
Technical field
The present invention relates generally to data striping, and more particularly to granting or denying access to striped data based on the location of a computing device relative to the location of another computing device.
Background
In computer data storage, data striping is the technique of segmenting logically sequential data (for example, a file) so that consecutive segments are stored on different physical storage devices. Striping can be useful when a processing device requests data faster than a single storage device can provide it. Spreading segments across multiple devices that can be accessed in parallel can increase total data throughput. Data striping can also be a useful method for balancing input/output (I/O) load across an array of disks. Striping is used across disk drives in redundant array of independent disks (RAID) storage, network interface controllers, different computers in clustered file systems and grid-oriented storage, and random access memory (RAM) in some systems.
Summary of the invention
Aspects of the present invention provide a method for authentication according to an embodiment of the present invention. In one aspect, a method includes identifying, by one or more computer processors, an account attempting to access striped data. The method includes identifying, by one or more computer processors, one or more computing devices associated with the account. The method includes determining, by one or more computer processors, a distance from a first computing device of the identified one or more computing devices to a second computing device of the identified one or more computing devices. The method includes determining, by one or more computer processors, whether the distance from the first computing device to the second computing device is within a threshold proximity.
In another aspect, a computer program product includes program instructions to identify an account attempting to access striped data. The computer program product includes program instructions to identify one or more computing devices associated with the account. The computer program product includes program instructions to determine a distance from a first computing device of the identified one or more computing devices to a second computing device of the identified one or more computing devices. The computer program product includes program instructions to determine whether the distance from the first computing device to the second computing device is within a threshold proximity.
In yet another aspect, a computer system includes program instructions to identify an account attempting to access striped data. The computer system includes program instructions to identify one or more computing devices associated with the account. The computer system includes program instructions to determine a distance from a first computing device of the identified one or more computing devices to a second computing device of the identified one or more computing devices. The computer system includes program instructions to determine whether the distance from the first computing device to the second computing device is within a threshold proximity.
In yet another aspect, a method for deploying a system for authentication includes providing a computer infrastructure operable to identify, by one or more computer processors, an account attempting to access striped data. The method includes identifying, by one or more computer processors, one or more computing devices associated with the account. The method includes determining, by one or more computer processors, a distance from a first computing device of the identified one or more computing devices to a second computing device of the identified one or more computing devices. The method includes determining, by one or more computer processors, whether the distance from the first computing device to the second computing device is within a threshold proximity.
In yet another aspect, in response to determining that the distance from the first computing device to the second computing device is within the threshold proximity, access to the striped data is granted by one or more computer processors.
In yet another aspect, determining the distance from the first computing device to the second computing device includes determining, by one or more computer processors, the distance from the first computing device to the second computing device based on whether the first computing device and the second computing device can communicate via a wireless personal area network (WPAN). If the first computing device and the second computing device can communicate using the WPAN, the determined distance is within the threshold proximity. If the first computing device and the second computing device cannot communicate using the WPAN, the determined distance exceeds the threshold proximity.
In yet another aspect, the method includes determining whether a specified number (a quorum) of computing devices are within the threshold proximity of each other. The method includes identifying the computing devices associated with the account. The method includes determining, by one or more computing devices, whether a preset number of the computing devices associated with the account are within the threshold proximity of each other.
Brief description of the drawings
Fig. 1 depicts a cloud computing node according to an embodiment of the present invention;
Fig. 2 depicts a cloud computing environment according to an embodiment of the present invention;
Fig. 3 indicates abstract model layer according to an embodiment of the invention;
Fig. 4 is the functional block diagram for showing distributed data processing environment according to an embodiment of the invention;
Fig. 5 is the flow chart for indicating the operating procedure of program according to an embodiment of the invention;And
Fig. 6 is the flow chart for indicating the operating procedure of program according to an embodiment of the invention.
Detailed description
Embodiments of the present invention recognize that storing data across multiple devices can be beneficial for increasing data throughput. Embodiments of the present invention recognize that storing data on a single device can put the data at risk if that device is breached or stolen.
It is understood in advance that although this disclosure includes a detailed description of cloud computing, implementation of the teachings described herein is not limited to a cloud computing environment. Rather, they can be implemented in conjunction with any other type of computing environment now known or later developed.
Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources. Configurable computing resources are resources that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service, for example networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services. This cloud model may include at least five characteristics, at least three service models, and at least four deployment models.
Characteristics are as follows:
On-demand self-service: a cloud consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed and automatically, without requiring human interaction with the service provider.
Broad network access: capabilities are available over a network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (such as mobile phones, laptop computers, and personal digital assistants (PDAs)).
Resource pooling: the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. The consumer generally has no control over or knowledge of the exact location of the provided resources, but may be able to specify location at a higher level of abstraction (such as country, state, or data center), so there is a sense of location independence.
Rapid elasticity: capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be obtained in any quantity at any time.
Measured service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (such as storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and the consumer of the service.
Service models are as follows:
Software as a Service (SaaS): the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (for example, web-based email). The consumer neither manages nor controls the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Platform as a Service (PaaS): the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications, created using programming languages and tools supported by the provider. The consumer neither manages nor controls the underlying cloud infrastructure, including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly over the application hosting environment configuration.
Infrastructure as a Service (IaaS): the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer can deploy and run arbitrary software, including operating systems and applications. The consumer neither manages nor controls the underlying cloud infrastructure, but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components (such as host firewalls).
Deployment models are as follows:
Private cloud: the cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist inside or outside the organization.
Community cloud: the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (such as mission, security requirements, policy, and compliance considerations). It may be managed by the organizations in the community or a third party and may exist inside or outside the community.
Public cloud: the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Hybrid cloud: the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (such as cloud bursting for load balancing between clouds).
A cloud computing environment is service oriented, with a focus on statelessness, low coupling, modularity, and semantic interoperability. At the heart of cloud computing is an infrastructure comprising a network of interconnected nodes.
Referring now to Fig. 1, an example of a cloud computing node is shown. Cloud computing node 10 shown in Fig. 1 is only one example of a suitable cloud computing node and is not intended to suggest any limitation as to the scope of use or functionality of embodiments of the invention. Regardless, cloud computing node 10 is capable of being implemented and/or performing any of the functionality set forth above.
Cloud computing node 10 has a computer system/server 12, which is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with computer system/server 12 include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems.
Computer system/server 12 may be described in the general context of computer system executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, and so on that perform particular tasks or implement particular abstract data types. Computer system/server 12 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media, including memory storage devices.
The present invention is described in detail with reference to the accompanying drawings.
As shown in Fig. 1, computer system/server 12 in cloud computing node 10 is shown in the form of a general-purpose computing device. The components of computer system/server 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components (including system memory 28 and processing unit 16).
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer system/server 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server 12, and it includes both volatile and non-volatile media, removable and non-removable media.
System memory 28 can include computer system readable media in the form of volatile memory, such as random access memory (RAM) 30 and/or cache memory 32. Computer system/server 12 may further include other removable/non-removable, volatile/non-volatile computer system storage media. By way of example only, storage system 34 can be provided for reading from and writing to non-removable, non-volatile magnetic media (not shown in Fig. 1 and typically called a "hard drive"). Although not shown in Fig. 1, a magnetic disk drive for reading from and writing to a removable, non-volatile magnetic disk (such as a "floppy disk"), and an optical disk drive for reading from and writing to a removable, non-volatile optical disk (such as a CD-ROM, DVD-ROM, or other optical media) can be provided. In such instances, each drive can be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (for example, at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
Program/utility 40, having a set (at least one) of program modules 42, may be stored in memory 28. Such program modules 42 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data. Each of these examples, or some combination thereof, may include an implementation of a networking environment. Program modules 42 generally carry out the functions and/or methodologies of embodiments of the invention as described herein.
Computer system/server 12 may also communicate with one or more external devices 14 (such as a keyboard, a pointing device, a display 24, etc.), with one or more devices that enable a user to interact with computer system/server 12, and/or with any devices (such as a network card, a modem, etc.) that enable computer system/server 12 to communicate with one or more other computing devices. Such communication can occur via input/output (I/O) interfaces 22. Computer system/server 12 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN), and/or a public network such as the Internet) via network adapter 20. As depicted, network adapter 20 communicates with the other modules of computer system/server 12 via bus 18. It should be understood that although not shown, other hardware and/or software modules could be used in conjunction with computer system/server 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data archival storage systems.
Referring now to Fig. 2, an illustrative cloud computing environment 50 is shown. As shown, cloud computing environment 50 includes one or more cloud computing nodes 10 with which local computing devices used by cloud consumers may communicate, such as a personal digital assistant (PDA) or mobile phone 54A, a desktop computer 54B, a laptop computer 54C, and/or an automobile computer system 54N. Cloud computing nodes 10 may communicate with one another. They may be grouped (not shown) physically or virtually in one or more networks, including but not limited to the private, community, public, or hybrid clouds described above, or a combination thereof. This allows cloud consumers to request Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and/or Software as a Service (SaaS) offered by cloud computing environment 50 without maintaining resources on a local computing device. It should be understood that the types of computing devices 54A-N shown in Fig. 2 are intended to be illustrative only, and that cloud computing nodes 10 and cloud computing environment 50 can communicate with any type of computing device over any type of network and/or network addressable connection (for example, using a web browser).
Referring now to Fig. 3, a set of functional abstraction layers provided by cloud computing environment 50 (Fig. 2) is shown. It should be understood in advance that the components, layers, and functions shown in Fig. 3 are intended to be illustrative only and embodiments of the invention are not limited thereto. As shown in Fig. 3, the following layers and corresponding functions are provided:
Hardware and software layer 60 includes hardware and software components. Examples of hardware components include: mainframes; RISC (Reduced Instruction Set Computer) architecture based servers; storage devices; and networks and networking components. In some embodiments, software components include network application server software.
Virtualization layer 62 provides an abstraction layer from which the following examples of virtual entities may be provided: virtual servers, virtual storage, virtual networks (including virtual private networks), virtual applications and operating systems, and virtual clients.
In one example, management layer 64 may provide the following functions. Resource provisioning: provides dynamic procurement of computing resources and other resources that are used to perform tasks within the cloud computing environment. Metering and pricing: provides cost tracking as resources are used within the cloud computing environment, and billing and invoicing for that use. In one example, these resources may include application software licenses. Security: provides identity verification for cloud consumers and tasks, as well as protection for data and other resources. User portal: provides access to the cloud computing environment for consumers and system administrators. Service level management: provides cloud computing resource allocation and management such that required service levels are met. Service Level Agreement (SLA) planning and fulfillment: provides pre-arrangement for, and procurement of, cloud computing resources for which a future requirement is anticipated in accordance with an SLA.
Workloads layer 66 provides examples of functionality for which the cloud computing environment may be used. Examples of workloads and functions that may be provided from this layer include: mapping and navigation; software development and lifecycle management; virtual classroom education delivery; data analytics processing; transaction processing; and mobile device data striping.
Fig. 4 is the functional block diagram for showing the data processing circumstance according to an embodiment of the invention for being designated generally as 400. Fig. 4 only provides the diagram an of realization and does not mean that appointing about the system and environment that different embodiments wherein may be implemented What is limited.It can be by those skilled in the art without departing substantially from such as by being made in the case where the range of claims of the present invention Many modifications to the embodiment drawn.
Distributed data processing environment 400 includes server 402 and client device 404A~404C, they all pass through net Network 412 interconnects.Network 412 indicates such as telecommunication network, local area network (LAN), the wide area network (WAN) of such as internet or three Combination, and including the connection of wired, wireless and/or optical fiber.Network 412 include can send and receive data, voice and/or Vision signal --- including the multi-media signal comprising voice, data and video information one or more it is wired and/or Wireless network.
In the environment drawn, server 402 is management server, web server or can receive, analyzes and send One or more of any other electronic equipment of data or computing system.In this embodiment, server 402 is based on visitor The degree of approach to one or more of the other client device that family end equipment has determines the access to data.In other embodiments In, server 402 is indicated such as in cloud computing environment, is calculated using multiple computers as the server of server system System.In the example shown, server 402 can be cloud computing node 10.In another embodiment, server 402 indicates above-knee Type computer, tablet computer, notebook computer, personal computer (PC), desktop computer, personal digital assistant (PDA), Smart phone or any programmable electronic equipment that can be communicated via network 412 with client device.In another embodiment In, server 402 is indicated using cluster computer and component as the computing system of single seamless resource pool.It is real according to the present invention Example is applied, server 402 may include the component such as drawn and be described in further detail about Fig. 1.Server 402 includes access Program 420 and database 440.
In the distributed data processing environment 400 drawn, access program 420 resides on server 402 and base The access of absolute data is permitted or refused in the degree of approach to one or more of the other client device that client device has.? In various embodiments, access program 420 receives data from client device and sets data striping to one group of client of composition Standby one or more of the other client device.In these embodiments, access program 420 is based on client device to described one The degree of approach of a or a number of other client devices is permitted or is refused to point access with data.In the example shown, client device (for example, client device 404A) is that have point three client devices of the data for bringing them (for example, client device One of 404A~404C).In this example, if any one of client device in the threshold value degree of approach (for example, 10 English In radius) except, then access program 420 and disapprove client device to any point of access with data.It is deposited in computer data Chu Zhong, data striping are striping order data (such as files) in logic, so that continuous section is stored in different physical stores Technology in equipment.When the speed of processing equipment request data is capable of providing the speed of data faster than individually storing equipment, It is useful for dividing band.Total data throughout can be increased by the equipment of concurrent access dispersion section across multiple.Point band across Redundant array of independent disks (RAID) storage in disk drive, network interface controller, in cluster file system and towards grid Different computers in the storage of lattice and random access memory in some systems (RAM) device are used.
In some embodiments, the number of client devices within a close distance of each other, compared with the total number of client devices that have data striped to them, can be a factor in granting or denying access to the striped data. In various embodiments, encryption is also applied to the striped data. In other embodiments, access program 420 can use a username and password in combination with the proximity threshold, with the possibility of overriding the proximity threshold requirement. Access program 420 is depicted and described in further detail with respect to Figs. 5 and 6.
In the depicted embodiment, database 440 resides on server 402. In another embodiment, database 440 may reside elsewhere in distributed data processing environment 400, such as within server 402, within client devices 404A-404C, or independently as a standalone database capable of communicating with server 402 and/or client devices 404A-404C via network 412. A database is an organized collection of data. Database 440 can be implemented with any type of storage device capable of storing data that is accessed and utilized by server 402 and client devices 404A-404C, such as a database server, a hard disk drive, or flash memory. In other embodiments, database 440 represents multiple storage devices within server 402. Database 440 stores information such as usernames, accounts, passwords, proximity thresholds, the number of client devices belonging to an account, striped data, the number of client devices required to grant access for an account (e.g., a specified number), encryption information, etc. In an example, database 440 stores a proximity threshold comprising a radius from a central point of the client devices belonging to an account. In another example, most of the striped data is stored in database 440 so that it does not occupy all of the available database storage on client devices 404A-404C.
In the depicted embodiment, client devices 404A-404C are one or more of a desktop computer, a laptop computer, a tablet computer, a specialized computer server, a smart phone, or any programmable electronic device capable of communicating via network 412 with server 402 and with the various components and devices within distributed data processing environment 400. In an example, each of client devices 404A-404C can be a node, such as cloud computing node 10. In general, client devices 404A-404C represent any programmable electronic device, or combination of programmable electronic devices, capable of executing machine-readable program instructions and communicating with other computing devices via a network, such as network 412. Client devices 404A-404C may include components as depicted and described in further detail with respect to Fig. 1, according to embodiments of the present invention.
In an embodiment, client device 404A sends data to server 402 via network 412 so that access program 420, or another data striping program that is not depicted, can stripe the data to other client devices (e.g., client device 404B and client device 404C). In various embodiments, client devices 404A-404C can represent a group of computing devices (e.g., cellular phones, desktop computers, tablet computers, etc.) that may belong to a person, a department, a company, etc. In an example, client device 404A is one of three cellular phones owned by the same user or entity as client devices 404B and 404C. In another embodiment, client device 404A requests access to data that has been striped to other client devices (e.g., client devices 404B and 404C), and access program 420 either grants or denies client device 404A access to the striped data. In an example, client device 404A requests access to striped data from access program 420 and is granted or denied access to the striped data depending on the proximity of the client devices (e.g., client devices 404A-404C) that belong to the account of the user of client device 404A. Client devices 404A-404C include client access programs 430A-430C and databases 450A-450C, respectively.
In the depicted distributed data processing environment 400, client access programs 430A-430C reside on client devices 404A-404C, respectively, and request access to data that has been striped to other client devices. In an embodiment, client access programs 430A-430C can receive data from a user and stripe the data to other client devices (e.g., client devices 404B and 404C). In another embodiment, a client access program (e.g., client access program 430A) can send data to access program 420, which then stripes the data to some or all of the client devices and client access programs (e.g., client access programs 430B and 430C) that belong to the same account as that client access program (e.g., client access program 430A). In various embodiments, client access programs 430A-430C may not stripe data, but instead send and receive data related to granting or denying access to striped data located on at least one client device (e.g., client devices 404A-404C) or on a server (e.g., server 402). In an example, client access program 430A sends information that may include a location, a username, a password, a request for a specific file that has been striped, etc.
In the depicted embodiment, databases 450A-450C reside on client devices 404A-404C, respectively. In another embodiment, databases 450A-450C may reside elsewhere in distributed data processing environment 400, such as within server 402, or independently as standalone databases capable of communicating with server 402 and/or client devices 404A-404C via network 412. A database is an organized collection of data. Databases 450A-450C are implemented with any type of storage device capable of storing data that is accessed and utilized by server 402 and client devices 404A-404C, such as a database server, a hard disk drive, or flash memory. In other embodiments, databases 450A-450C represent multiple storage devices within client devices 404A-404C. Databases 450A-450C store information such as usernames, accounts, passwords, proximity thresholds, the number of client devices belonging to an account, striped data, the number of client devices required to grant access for an account, encryption information, etc. In an example, database 450A stores data that has been striped from a larger set of data and distributed across multiple devices or databases (e.g., databases 450A-450C). In another example, databases 450A-450C may include encrypted striped data, the locations of the computing devices (e.g., client devices 404A-404C), and any passwords stored for client access programs 430A-430C.
Fig. 5 depicts flowchart 500, which illustrates a function of access program 420, according to an embodiment of the present invention. Access program 420 operates on server 402 and creates user accounts and access parameters for striped data. In various embodiments, the access and account information for access program 420 can be created during initial account setup, when any change is made to the account (e.g., a computing device is added to the account), and/or when access program 420 receives new data. In one embodiment, the user of a client device (e.g., client device 404A) initiates the operational steps of access program 420 when the user first establishes an account for access program 420. In another embodiment, access program 420 can initiate its operational steps after a set number of days. In yet another embodiment, access program 420 can initiate in response to a client device (e.g., client device 404A) attempting to access an instance of striped data. In some embodiments, access program 420 can be a function of client access programs 430A-430C communicating via a peer-to-peer network.
Access program 420 receives information to create a customer account (step 502). In various embodiments, access program 420 receives data from a client device (e.g., client device 404A) to create an account for access program 420. In an example, access program 420 receives data from client access program 430A indicating the creation of a new account. In this example, client access program 430A provides data indicating the number of client devices (e.g., client devices 404A-404C) that belong to the account. In another embodiment, access program 420 determines that a client device that is not a member of the account frequently communicates with devices registered to the account for access program 420. In this embodiment, access program 420 can send a request to client access programs 430A-430C that prompts the users of client access programs 430A-430C to indicate whether the client device should be added to the account. For example, client devices 404A-404C frequently communicate with each other. Client devices 404A and 404B are members of the same account for access program 420, but client device 404C is not. Access program 420 can send a prompt to client access programs 430A and 430B to determine whether client device 404C should be added to the account. In some embodiments, access program 420 can receive the information needed to create an account, such as a username, a password, computing device serial numbers, IP addresses, or any other identifying feature known to a person skilled in the art.
Access program 420 receives a threshold proximity for the client devices (step 504). In various embodiments, access program 420 receives data from a client access program (e.g., client access programs 430A-430C) indicating the threshold proximity, among the computing devices that share an account for access program 420, that allows a client device (e.g., client devices 404A-404C) to access striped data. In some embodiments, the threshold proximity can be a radial distance from a central point of all devices registered to the account for access program 420. In other embodiments, the threshold proximity can be a distance from one device to another device rather than from a central location. In an embodiment, the location of a client device can be determined by a global positioning system located on the device. Receiving a threshold proximity is advantageous because it lets a user determine the desired restrictions and level of security for the client devices associated with the account.
In other embodiments, the threshold proximity can be measured by the signal strength of a device or by its connectivity to a wireless network. In one example, the connectivity can be measured connectivity to a wireless personal area network (WPAN). A WPAN is a personal area network that enables client devices to connect via wireless signals, infrared signals, or any other connectivity method known to a person skilled in the art. In some embodiments, access program 420 can receive data from a client access program (e.g., client access program 430A) indicating a threshold number of devices that need to be within the threshold proximity of the other client devices associated with the account before access to striped data is allowed. In an example, ten client devices are registered to an account for access program 420; however, only seven of the ten registered client devices need to be within the threshold proximity of each other for access program 420 to allow access to the striped data. In one embodiment, the threshold radius can be measured from the client device (e.g., client device 404A) that is requesting access to the striped data.
In yet other embodiments, access program 420 can set or adjust the threshold depending on various factors related to the devices associated with the account for access program 420, such as crime incidents at a location, news items related to crime in an area, reports of malware, reports of phishing, dangers associated with social networks, the type of device associated with the account, etc. In some embodiments, access program 420 can determine a probability that the striped data will be breached, based on the locations of the client devices belonging to the account and on crime incidents at those locations, news items related to crime in an area, reports of malware, reports of phishing, dangers associated with social networks, the type of device, etc.
In various embodiments, the threshold proximity and the specified number of devices needed to access the striped data can be set by a user of a client device, a company policy, a third party, a service provider, an administrator of access program 420, etc. In one embodiment, the specified number of devices is present when a preset number of all the client devices associated with the account are within the threshold proximity. In one example, the specified number of devices is met when seven of the ten client devices associated with an account are within the threshold proximity of each other. In this example, if only six devices associated with the account are within the threshold proximity of each other, access to the striped data is denied.
Access program 420 receives data and stripes the data across the client devices (step 506). In various embodiments, access program 420 stripes data across the computing devices for an account. In an example, client device 404A creates, downloads, etc. new data, and client access program 430A sends the data to access program 420. Access program 420 receives the new data and stripes it to one or more client devices that share the account for access program 420 with client device 404A, such as client device 404B. In some embodiments, access program 420 can also store some of the data in database 440. In some embodiments, a client access program (e.g., client access program 430A) can stripe data to the other client devices that share the account for access program 420. In other embodiments, access program 420 may not stripe the data; instead, a separate data striping program can stripe the data. In yet other embodiments, access program 420 may only verify the login information for access program 420 before the data is striped across the computing devices. Striping data across multiple devices is advantageous because it separates the data into different locations, so that a breach must include multiple devices in order to obtain coherent data.
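The striping in step 506, sketched as an added example that is not code from the patent: round-robin segments across the three devices of one account, with reassembly that fails when any device's stripe is absent. The function names, the 8-byte segment size, the manifest holding a segment count and SHA-256 digest, and the sample record are all assumptions made for illustration.

```python
import hashlib
from typing import Dict, List, Tuple

Stripe = List[Tuple[int, bytes]]  # (segment index, segment bytes) held by one device

# Constructed sample data; not taken from the patent.
SAMPLE = b"constructed sample record: acct=example-0001"


class MissingStripeError(Exception):
    """Raised when reassembly is attempted without every segment."""


def stripe_data(data: bytes, device_ids: List[str], segment_size: int = 8):
    """Split data into consecutive segments and deal them round-robin to devices.

    Returns (stripes, manifest). The manifest is a hypothetical record the
    server side could keep so it can tell a complete set from a partial one.
    """
    if not device_ids:
        raise ValueError("at least one device is required")
    if segment_size < 1:
        raise ValueError("segment_size must be positive")
    segments = [data[i:i + segment_size] for i in range(0, len(data), segment_size)]
    stripes: Dict[str, Stripe] = {dev: [] for dev in device_ids}
    for index, segment in enumerate(segments):
        stripes[device_ids[index % len(device_ids)]].append((index, segment))
    manifest = {"segments": len(segments), "sha256": hashlib.sha256(data).hexdigest()}
    return stripes, manifest


def reassemble(stripes: Dict[str, Stripe], manifest: dict) -> bytes:
    """Rebuild the original bytes; refuse if any segment is missing or altered."""
    found: Dict[int, bytes] = {}
    for device_stripe in stripes.values():
        for index, segment in device_stripe:
            found[index] = segment
    missing = [i for i in range(manifest["segments"]) if i not in found]
    if missing:
        raise MissingStripeError(f"missing segments: {missing}")
    data = b"".join(found[i] for i in range(manifest["segments"]))
    if hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        raise ValueError("reassembled data does not match the manifest digest")
    return data


if __name__ == "__main__":
    stripes, manifest = stripe_data(SAMPLE, ["404A", "404B", "404C"])
    print(reassemble(stripes, manifest) == SAMPLE)  # all three devices present
    partial = {dev: s for dev, s in stripes.items() if dev != "404C"}
    try:
        reassemble(partial, manifest)
    except MissingStripeError as exc:
        print("denied:", exc)
```

Each device still holds its own segments in readable form, which is why the text pairs striping with encryption rather than treating striping as confidentiality on its own.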
Fig. 6 depicts flowchart 600, which illustrates a function of access program 420, according to an embodiment of the present invention. The function of access program 420 represented by flowchart 600 operates on server 402 and determines whether the proximity threshold for access to striped data has been met. In various embodiments, the operational steps of access program 420 for flowchart 600 can begin after access program 420 completes step 506. In other embodiments, the operational steps of access program 420 for flowchart 600 can begin each time access to striped data, which is overseen by access program 420, is requested.
Access program 420 receives a request for access from a client device (step 602). In various embodiments, access program 420 receives a request to access striped data from a client device (e.g., client devices 404A-404C). In an example, access program 420 receives a request to access striped data from client access program 430A. In another example, access program 420 receives a request to access striped data from client device 404A after the user of client device 404A logs in to access program 420. In some embodiments, access program 420 can receive the request for access from a server computer that manages an enterprise network. In yet another embodiment, access program 420 can receive a request to access striped data from a client access program, such as client access program 430A.
Access program 420 determines the location of the client devices (step 604). In various embodiments, access program 420 identifies the locations of the client devices that belong to the account for which access is requested. In an example, client device 404A requests access to striped data located in data stores 450A-450C. Access program 420 identifies all devices (e.g., client devices 404A-404C) that belong to the account generating the request. In various embodiments, access program 420 can receive the geographic location of a client device (e.g., client device 404A) from a client access program (e.g., client access program 430A), a GPS on the client device, triangulation of cellular towers, an Internet protocol (IP) address, etc. In these embodiments, access program 420 can store this information and receive an update only when the location of a client device changes. In some embodiments, access program 420 may not determine the geographic location of a client device, but instead determines signal strength or wireless connectivity to a network or to another client device that belongs to the same account for access program 420. In some embodiments, access program 420 may not be able to determine the location of all client devices that belong to the account for access program 420. Determining the location of the client devices is advantageous because identifying where the client devices are helps verify the authenticity of the request for striped data.
Access program 420 determines whether the client devices are within the threshold proximity (decision 606). Access program 420 determines whether the client device requesting access to striped data (e.g., client device 404A) and the client devices registered to the same account (e.g., client devices 404B and 404C) are within the threshold proximity of each other. In an example, all client devices belonging to an account must be within a predetermined radius of one mile to allow access to the striped data stored on the devices. In another example, when access program 420 receives a request, access program 420 can recalibrate the preset threshold proximity based on the current location of the client devices and the crime incident rate at the current location. In some embodiments, the number of client devices within the threshold proximity may also determine whether access to the striped data is granted. In an example, client device 404A requests access to striped data stored on client devices 404A-404C. The account for access program 420 under which client device 404A makes the request has a preset: at least two of the three client devices (e.g., client devices 404A-404C) must be within wireless communication range of each other (e.g., client devices 404A and 404B) to enable access to the striped data on all client devices (e.g., client devices 404A-404C) for the account. Determining whether the client devices are within the threshold proximity is advantageous because the threshold proximity is one aspect of verifying authenticity with respect to the striped data.
In other embodiments, the threshold proximity may include devices being spaced a certain distance apart. In an example, if client device 404A requests access to striped data on client devices 404A-404C, access program 420 determines whether the client devices are spaced a threshold distance apart (e.g., 250 miles apart). In this example, if multiple devices were stolen, they would have to be separated by a great distance to gain access to the striped data. In some examples, client passwords and/or encryption can take priority and/or work in conjunction with access program 420.
In some embodiments, the threshold proximity can be adjusted based on a setting and/or rank of a portion of the striped data. In an example, a portion of the striped data can have a high security setting. In this example, a user may have preset the portion of the striped data to a high security level, and access program 420 reduces the threshold proximity that the devices belonging to the account must be within of each other. In another example, access program 420 sets a security level for a portion of the striped data based on the content of the striped data. In another example, because the security level for the requested portion of the striped data is low, access program 420 can adjust the proximity threshold to a greater distance.
If access program 420 determines that the client devices are within the threshold proximity of each other ("Yes" branch of decision 606), access program 420 allows access to the striped data (step 608). In an embodiment, access program 420 determines that a threshold number of client devices from the account for access program 420 are within the threshold proximity of each other. In an example, there are 20 client devices on an account for access program 420, one of which is requesting access to striped data on one or more of the 20 client devices. Access program 420 determines that 15 of the 20 client devices are within wireless range of each other. Because the account for access program 420 has a preset threshold proximity of wireless connectivity range for 50% of the client devices registered to the account, access program 420 grants access to the striped data. In some embodiments, access program 420 allows access to the striped data located on one or more of the client devices belonging to the account for access program 420, but the data is still password protected or encrypted. In other embodiments, access program 420 only allows access to the striped data that is within the threshold proximity of the requesting client device.
If access program 420 determines that the client devices are not within the threshold proximity of each other ("No" branch of decision 606), access program 420 ends. In some embodiments, access program 420 can determine that the threshold proximity of the client devices has not been reached and therefore lock the striped data located on the client devices. In one example, client devices 404A and 404B are connected to the same wireless router, but client device 404C is not; therefore, access program 420 does not allow access to the striped data. In another example, all client devices registered to the account for access program 420 are within the preset threshold proximity of each other, but one or more of the client devices are at or near a location that access program 420 has determined to be a threat. In this example, the client device is denied access to the striped data on the client devices registered to the account for access program 420. In another embodiment, if access program 420 determines that the client devices are not within the threshold proximity of each other, access program 420 can proceed to step 604. In various embodiments, if access program 420 determines that the client devices are not within the threshold proximity of each other, access program 420 can alert the user of the account that is attempting to access the striped data.
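Steps 604 to 608 for the seven-of-ten case described above, as an added example that is not code from the patent. It assumes GPS coordinates, takes the embodiment in which the radius is measured from the requesting device, counts the requester itself toward the specified number, and treats any device whose location could not be determined as out of range; all names and coordinates are constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import List, Optional

EARTH_RADIUS_MILES = 3958.8


@dataclass(frozen=True)
class Device:
    device_id: str
    lat: Optional[float] = None  # None: location could not be determined
    lon: Optional[float] = None

    @property
    def located(self) -> bool:
        return self.lat is not None and self.lon is not None


@dataclass(frozen=True)
class Decision:
    granted: bool
    in_range: int  # devices (requester included) inside the radius
    reason: str


def haversine_miles(a: Device, b: Device) -> float:
    """Great-circle distance in miles between two located devices."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a.lat, a.lon, b.lat, b.lon))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))


def decide_access(requester_id: str, devices: List[Device],
                  radius_miles: float, required: int) -> Decision:
    """Decision 606: grant only if `required` account devices are in range.

    Assumption of this sketch: unknown locations never count toward the
    specified number, so missing data leads to denial rather than access.
    """
    by_id = {d.device_id: d for d in devices}
    requester = by_id.get(requester_id)
    if requester is None:
        return Decision(False, 0, "requester is not registered to the account")
    if not requester.located:
        return Decision(False, 0, "requester location could not be determined")
    in_range = sum(
        1 for d in devices
        if d.located and haversine_miles(requester, d) <= radius_miles
    )
    if in_range >= required:
        return Decision(True, in_range, "specified number of devices in range")
    return Decision(False, in_range,
                    f"only {in_range} of the required {required} devices in range")


def sample_account() -> List[Device]:
    """Ten constructed devices: seven clustered, three about 70+ miles away."""
    near = [Device(f"dev-{i:02d}", 40.0 + 0.01 * i, -75.0) for i in range(1, 8)]
    far = [Device("dev-08", 41.0, -75.0),
           Device("dev-09", 41.5, -75.0),
           Device("dev-10", 42.0, -75.0)]
    return near + far


if __name__ == "__main__":
    account = sample_account()
    print(decide_access("dev-01", account, radius_miles=10.0, required=7))
    # One clustered device loses its location fix: six in range, access denied.
    degraded = [Device("dev-07") if d.device_id == "dev-07" else d for d in account]
    print(decide_access("dev-01", degraded, radius_miles=10.0, required=7))
```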
The programs described herein are identified based upon the application for which they are implemented in a specific embodiment of the invention. However, it should be appreciated that any particular program nomenclature herein is used merely for convenience, and thus the invention should not be limited to use solely in any specific application identified and/or implied by such nomenclature.
The present invention may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions for causing a processor to carry out aspects of the present invention.
The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disc (DVD), a memory stick, a floppy disk, a mechanically encoded device (such as punch cards or raised structures in a groove having instructions recorded on them), and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium, or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network, and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
Computer program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++, or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus, or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the Figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
In another embodiment, the invention provides a method that performs the process of the invention on a subscription, advertising, and/or fee basis. That is, a service provider, such as a solution integrator, could offer to provide authentication verification by receiving a file, a starting bit position, and a total number of bits. In this case, the service provider can create, maintain, support, etc. a computer infrastructure, such as computer system 12 (Fig. 1), that performs the process of the invention for one or more consumers. In return, the service provider can receive payment from the consumers under a subscription and/or fee agreement, and/or the service provider can receive payment from the sale of advertising content to one or more third parties.
There are also in another embodiment, the present invention provides the computer realizations for authenticating the access to security information Method.In such a case, it is possible to provide Basis of Computer Engineering facility, such as computer system server 12 (Fig. 1), and can be with (for example, creation, purchase, use, modification etc.) is obtained to be used to execute one or more systems of process of the present invention and be deployed to The Basis of Computer Engineering facility.In this regard, the deployment of system may include following one or more: (1) in computer equipment, example Such as computer system server 12 (Fig. 1), upper program code of the installation from computer-readable medium;(2) one or more Computer equipment is added to Basis of Computer Engineering facility;And (3) combine and/or the one or more of modification Basis of Computer Engineering facility is existing There is system, to make Basis of Computer Engineering facility be able to carry out process of the invention.
The description of the various embodiments of the present invention provided is for illustrative purposes, but does not really want exhaustion or be limited to The disclosed embodiments.Without departing substantially from the scope and spirit of the present invention, many modifications and variations all will be to this field Those of ordinary skill is apparent.The selection of term as used herein is to best explain the principle of embodiment, practice Using perhaps better than the technological improvement for the technology being commercially available or in order to enable other those of ordinary skill of this field to manage Solve presently disclosed embodiment.

Claims (14)

1. A method for authentication, the method comprising:
identifying, by one or more computer processors, an account attempting to access striped data;
identifying, by one or more computer processors, at least two computing devices associated with the account, wherein at least a portion of the striped data is located on at least one computing device associated with the account;
determining, by one or more computer processors, a distance from a first computing device of the one or more identified computing devices to a second computing device of the one or more identified computing devices;
determining, by one or more computer processors, whether the distance from the first computing device to the second computing device is within a threshold proximity; and
determining, by one or more computer processors, whether to permit access to the striped data based at least in part on the threshold proximity determination.
2. The method of claim 1, further comprising:
in response to determining that the distance from the first computing device to the second computing device is within the threshold proximity, permitting, by one or more computer processors, access to the striped data.
3. The method of claim 1, further comprising:
in response to determining that the distance from the first computing device to the second computing device exceeds the threshold proximity, permitting, by one or more computer processors, access to the striped data.
4. The method of claim 1, wherein determining the distance from the first computing device to the second computing device comprises:
determining, by one or more computer processors, the distance from the first computing device to the second computing device based on whether the first computing device and the second computing device can communicate via a wireless personal area network (WPAN);
wherein if the first computing device and the second computing device can communicate using the WPAN, the determined distance is within the threshold proximity; and
wherein if the first computing device and the second computing device cannot communicate using the WPAN, the determined distance exceeds the threshold proximity.
5. The method of claim 1, further comprising determining whether a specified number of computing devices are within the threshold proximity of one another:
identifying, by one or more computer processors, computing devices associated with the account; and
determining, by one or more computing devices, whether a preset number of computing devices associated with the account are within the threshold proximity of one another.
6. The method of claim 1, further comprising:
identifying, by one or more computer processors, a probability of data leakage for the striped data on the computing devices associated with the account, the identification being based on the locations of the computing devices of the account; and
adjusting, by one or more computer processors, the proximity threshold for the account based on the identified probability of data leakage.
7. The method of claim 1, further comprising:
identifying, by one or more computer processors, a security level for a portion of the striped data; and
adjusting, by one or more computer processors, the proximity threshold for the account based on the identified security level for the portion of the striped data.
8. The method of claim 1, further comprising:
in response to determining that the distance from the first computing device to the second computing device is outside the threshold proximity, denying, by one or more computer processors, access to the striped data.
9. A computer system for authentication, the computer system comprising:
one or more computer processors;
one or more computer-readable storage media;
program instructions stored on the computer-readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:
program instructions to identify an account attempting to access striped data;
program instructions to identify at least two computing devices associated with the account, wherein at least a portion of the striped data is located on at least one computing device associated with the account;
program instructions to determine a distance from a first computing device of the one or more identified computing devices to a second computing device of the one or more identified computing devices;
program instructions to determine whether the distance from the first computing device to the second computing device is within a threshold proximity; and
program instructions to determine whether to permit access to the striped data based at least in part on the threshold proximity determination.
10. The computer system of claim 9, further comprising program instructions to:
in response to determining that the distance from the first computing device to the second computing device is within the threshold proximity, permit access to the striped data.
11. The computer system of claim 9, further comprising program instructions to:
in response to determining that the distance from the first computing device to the second computing device exceeds the threshold proximity, permit access to the striped data.
12. The computer system of claim 9, wherein the program instructions to determine the distance from the first computing device to the second computing device comprise program instructions to:
determine the distance from the first computing device to the second computing device based on whether the first computing device and the second computing device can communicate via a wireless personal area network (WPAN);
wherein if the first computing device and the second computing device can communicate using the WPAN, the determined distance is within the threshold proximity; and
wherein if the first computing device and the second computing device cannot communicate using the WPAN, the determined distance exceeds the threshold proximity.
13. The computer system of claim 9, further comprising program instructions to determine whether a specified number of computing devices are within the threshold proximity of one another, including program instructions to:
identify computing devices associated with the account; and
determine whether a preset number of computing devices associated with the account are within the threshold proximity of one another.
14. The computer system of claim 9, further comprising program instructions to:
identify a probability of data leakage for the striped data on the computing devices associated with the account, the identification being based on the locations of the computing devices of the account; and
adjust the proximity threshold for the account based on the identified probability of data leakage.
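
The decision flow of claims 1, 2 and 4 to 8, sketched as an added example (not code from the patent or its assignee). The `Device` fields, the function names, the planar coordinates and the sample registry are constructed, and the threshold-adjustment formula is an assumption, since the claims do not state how the threshold is adjusted.

```python
from dataclasses import dataclass
from itertools import combinations
from math import hypot

@dataclass(frozen=True)
class Device:
    name: str
    x: float                             # constructed position, metres
    y: float
    holds_stripe: bool = False           # stores part of the striped data
    wpan_peers: frozenset = frozenset()  # names reachable over a WPAN

def within_proximity(a, b, threshold_m, wpan_only=False):
    """Claim 4: with wpan_only, WPAN reachability stands in for distance."""
    if wpan_only:
        return b.name in a.wpan_peers and a.name in b.wpan_peers
    return hypot(a.x - b.x, a.y - b.y) <= threshold_m

def adjusted_threshold(base_m, security_level=1, leak_probability=0.0):
    """Claims 6 and 7: adjust the account's proximity threshold.
    Assumed formula: tighter for sensitive data and for risky locations."""
    if security_level < 1 or not 0.0 <= leak_probability <= 1.0:
        raise ValueError("invalid security level or leak probability")
    return base_m * (1.0 - leak_probability) / security_level

def quorum_within(devices, threshold_m, required, wpan_only=False):
    """Claim 5: is some group of `required` devices mutually in proximity?"""
    return any(
        all(within_proximity(a, b, threshold_m, wpan_only)
            for a, b in combinations(group, 2))
        for group in combinations(devices, required)
    )

def authorize(account, registry, base_m, required=2, wpan_only=False, **risk):
    """Claims 1, 2 and 8: permit access only when enough of the account's
    devices are within the threshold proximity; otherwise deny."""
    devices = registry.get(account, [])
    if len(devices) < 2 or not any(d.holds_stripe for d in devices):
        return False                     # fail closed: nothing to compare
    threshold = adjusted_threshold(base_m, **risk)
    return quorum_within(devices, threshold, max(required, 2), wpan_only)

# Constructed sample: phone and laptop are 5 m apart, tablet is 500 m away.
REGISTRY = {
    "alice": [
        Device("phone", 0.0, 0.0, True, frozenset({"laptop"})),
        Device("laptop", 3.0, 4.0, True, frozenset({"phone"})),
        Device("tablet", 300.0, 400.0),
    ],
}
```

Raising `security_level` or `leak_probability` shrinks the effective threshold, so the same device layout that is permitted at the base threshold can be denied for more sensitive stripes.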
CN201610156518.3A 2015-03-18 2016-03-18 Method and system for certification Active CN105989275B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/661,079 2015-03-18
US14/661,079 US9558344B2 (en) 2015-03-18 2015-03-18 Proximity based authentication for striped data

Publications (2)

Publication Number Publication Date
CN105989275A CN105989275A (en) 2016-10-05
CN105989275B true CN105989275B (en) 2019-01-15

Family

ID=56852827

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610156518.3A Active CN105989275B (en) 2015-03-18 2016-03-18 Method and system for certification

Country Status (3)

Country Link
US (1) US9558344B2 (en)
CN (1) CN105989275B (en)
DE (1) DE102016105062A1 (en)

Also Published As

Publication number Publication date
US9558344B2 (en) 2017-01-31
DE102016105062A1 (en) 2016-09-22
CN105989275A (en) 2016-10-05
US20160275285A1 (en) 2016-09-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211208

Address after: USA New York

Patentee after: Qindarui Co.

Address before: USA New York

Patentee before: International Business Machines Corp.

TR01 Transfer of patent right